Coders' Rights Project

Cryptography Law

BSidesMSP

Nate Cardozo, EFF

783A 8CC4 166D 1768 4E8E DAFD 2D76 4786 4AE6 3181

ELECTRONIC FRONTIER FOUNDATION

“The Net interprets censorship as damage and routes around it.”

John Gilmore, ~1993

The First Crypto Wars


#!/usr/local/bin/perl -s
do 'bigint.pl';($_,$n)=@ARGV;s/^.(..)*$/0$&/;($k=unpack('B*',pack('H*',$_)))=~
s/^0*//;$x=0;$z=$n=~s/./$x=&badd(&bmul($x,16),hex$&)/ge;while(read(STDIN,$_,$w
=((2*$d-1+$z)&~1)/2)){$r=1;$_=substr($_."\0"x$w,$c=0,$w);s/.|\n/$c=&badd(&bmul
($c,256),ord$&)/ge;$_=$k;s/./$r=&bmod(&bmul($r,$r),$x),$&?$r=&bmod(&bmul($r,$c
),$x):0,""/ge;($r,$t)=&bdiv($r,256),$_=pack(C,$t).$_ while$w--+1-2*$d;print}

[Screenshot: Netscape download page for Communicator 4.61. The English full download ships with 56-bit standard encryption; Unix, International, and 128-bit strong encryption versions are offered as a separate download.]

$N = PQ$
$ed \equiv 1 \bmod (P-1)(Q-1)$
$C = M^e \bmod N$
$M = C^d \bmod N$

IT'S JUST AN ALGORITHM

If all you have is a hammer...

If all you have is a J.D. ...

922 FEDERAL SUPPLEMENT

Daniel J. BERNSTEIN, Plaintiff,
v.
UNITED STATES DEPARTMENT OF STATE, et al. Defendants.

No. C-95-0582 MHP.

United States District Court, N.D. California.

April 15, 1996.

Mathematician sought declaratory and injunctive relief against enforcement of the Arms Export Control Act (AECA) and the International Traffic in Arms Regulations (ITAR) on the grounds that they were unconstitutional on their face and as applied to mathematician’s cryptographic computer source code. On government’s motion to dismiss for lack of justiciability, the District Court, Patel, J., held that: (1) cryptographic computer source code is “speech” protected by First Amendment, and (2) colorable constitutional challenges to statute and regulations were justiciable.

how to make the encryption algorithm (the idea) functional. U.S.C.A. Const.Amend. 1.
See publication Words and Phrases for other judicial constructions and def-

3. Federal Civil Procedure 1773

Motion to dismiss will be denied unless it appears that plaintiff can prove no set of facts which would entitle him or her to relief. Fed.Rules Civ.Proc.Rule 12(b)(6), 28 U.S.C.A.

4. Federal Civil Procedure 1829, 1835

On motion to dismiss, all material allegations in complaint will be taken as true and construed in light most favorable to plaintiff. Fed.Rules Civ.Proc.Rule 12(b)(6), 28 U.S.C.A.

5. Federal Civil Procedure 1832

Although, on motion to dismiss, court is generally confined to consideration of allegations in the pleadings, when complaint is accompanied by attached documents, such documents are deemed part of the complaint and may be considered in evaluating merits of motion. Fed.Rules Civ.Proc.Rule 12(b)(6),

Code is Speech

• Bernstein v. Department of Justice:

“The availability and use of secure encryption may ... reclaim some portion of the privacy we have lost. Gov’t efforts to control encryption thus may well implicate not only the First Amendment rights ... but also the constitutional rights of each of us as potential recipients of encryption’s bounty.”

Clipper Chip

• Clipper chip was an NSA-developed chipset
  - For voice comms
• Used Skipjack encryption algorithm
• Included back door with key escrow

And the Internet was a safer place for it!

We thought we had solved the field...

- But thanks to Comey
- More work remains

• FBI Director Freeh in 1997:

“[W]e’re in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge’s authority where we can get there if somebody is planning a crime.”

The Next Crypto Wars

iOS Security

October 2014

• FBI Director Comey in 2014:

“We also need a regulatory or legislative fix to create a level playing field, so that all communication service providers are held to the same standard and so that those of us in law enforcement, national security, and public safety can continue to do the job...”


2015

• Conversation started with device encryption, but quickly moved to end-to-end encryption.
• UK PM Cameron: “Are we going to allow a means of communications which it simply isn't possible to read?”

“Only a Business Model”

• Governments have been downplaying corporate support for encryption
  - Comey: “plenty of companies” can read users' data and unlock encrypted phones.
  - “Encryption isn’t just a technical feature; it’s a marketing pitch”
• Combined with backroom pressure

“Secure Back Door” Proposals

• Most common is some variation on key escrow
• E.g. Message sent with symmetric key
• Encrypt symmetric key twice
  - Recipient’s public key and
  - Escrow agent’s public key

For more see Keys Under Doormats,
https://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf
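
The double-wrap scheme on the slide above, as an added example that is not part of the original talk: a toy Python sketch showing that the escrow agent's single private key opens every envelope, while a recipient's key opens only that recipient's own. Textbook RSA over constructed Mersenne-prime keys and a SHA-256 keystream stand in for real primitives and are not secure; all names (send, read, ESCROW_AGENT and so on) are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Textbook RSA key from two primes (toy: no padding, NOT secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed keys built from well-known Mersenne primes, for illustration only.
RECIPIENT_A = make_key(2**89 - 1, 2**107 - 1)
RECIPIENT_B = make_key(2**61 - 1, 2**127 - 1)
ESCROW_AGENT = make_key(2**521 - 1, 2**607 - 1)

def stream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(session_key, n):
    """Encrypt the symmetric key under a public modulus n."""
    return pow(int.from_bytes(session_key, "big"), E, n)

def unwrap(wrapped, key):
    """Recover the 16-byte symmetric key, or None if the private key is wrong."""
    k = pow(wrapped, key["d"], key["n"])
    return k.to_bytes(16, "big") if k < 2**128 else None

def send(plaintext, recipient_n, escrow_n):
    """One message, one fresh symmetric key, wrapped twice as on the slide."""
    k = secrets.token_bytes(16)
    return {"ct": stream_xor(k, plaintext),
            "for_recipient": wrap(k, recipient_n),
            "for_escrow": wrap(k, escrow_n)}

def read(envelope, slot, key):
    """Open an envelope through one of its two wrapped-key slots."""
    k = unwrap(envelope[slot], key)
    return stream_xor(k, envelope["ct"]) if k is not None else None

def demo():
    m1 = send(b"to A: contract draft", RECIPIENT_A["n"], ESCROW_AGENT["n"])
    m2 = send(b"to B: medical record", RECIPIENT_B["n"], ESCROW_AGENT["n"])
    return {"a_reads_own": read(m1, "for_recipient", RECIPIENT_A),
            "a_reads_b": read(m2, "for_recipient", RECIPIENT_A),
            "escrow_reads": [read(m, "for_escrow", ESCROW_AGENT) for m in (m1, m2)]}

if __name__ == "__main__":
    print(demo())
```

Every message carries its own fresh symmetric key, yet the escrow slot makes all of them readable with one long-lived private key, which is why that key's storage and access control become the security boundary for the whole system.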


What if we re-named back doors?

• Comey: “We aren’t seeking a back-door approach. We want to use the front door”
• Washington Post: “a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key”

Legislation

• Many countries around the world are considering legislation that would either
  - mandate backdoors,
  - mandate access to plaintext or
  - endanger encryption.

UK Snooper’s Charter

• Purports to regulate telecommunications operators all around the world
• § 189(4)(c): Operators may be obligated to remove “electronic protection” if they provided
  - Could be interpreted to require weakening encryption, holding a key or banning end-to-end

UK Snooper’s Charter

• Latest version presented to Parliament in November
  - Currently in committee, which is accepting evidence.
  - Industry and civil society submitted comments

Australia’s Defence Trade Controls Act

• Prohibits the “intangible supply” of encryption technologies.
• Many ordinary teaching and research activities could be subject to unclear export controls with severe penalties.
• International Association for Cryptologic Research organized petition against, signed by 100s of experts

India Considers An Encryption Policy

• In September, India released a draft National Encryption Policy
  - Everyone required to store plain text
  - Info kept for 90 days
  - Made available to law enforcement agencies as and when demanded
• Withdrawn after criticism

China’s Anti-Terrorism Law

• Passed last year
• Draft version required tech companies to hand over encryption codes
• Final version: “shall provide technical interfaces, decryption and other technical support”

Trans-Pacific Partnership

• Some report that TPP could contain good news on encryption?
  - Alas, no.
• Provider may not be compelled to give key
  - Only “as a condition of sale”
• But provider must still give decrypted content
• TPP still has huge problems throughout

Obama: No Backdoor Bill

• We “will not — for now — call for legislation requiring companies to decode messages for law enforcement.”
• But...
  - Leaked National Security Council memo from Thanksgiving 2015

The Rule of Cynicism

• Bob Litt, General Counsel of the ODNI:

Encryption debate “could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

All Writs Act Litigation

• Apple v. FBI
  - This is the San Bernardino iPhone case
  - Also, a case in EDNY

Other Litigation

• Wiretap Act litigation may be coming
  - New York Times report re: WhatsApp
• There may be FISA Court orders
  - EFF just this quarter filed a FOIA case to get access to them

Burr-Feinstein Bill

• Would require providers to decrypt on demand
  - Criminal and civil penalties
• Applies to comms, storage, and licensing
  - This includes app stores and open source
• Not just e2e and FDE
  - This would outlaw computers as we know them

Burr-Feinstein Bill

• Problematic on every level
  - Unconstitutional
  - Would break the Internet
  - Would cripple American business
  - Would be totally ineffective!


2016

• What are we looking at?
  - Key escrow mandate
    • I don’t think this is actually going to happen.
  - Burr-Feinstein
    • This definitely won’t happen (in the current form)
  - We don’t care how, just make plaintext available.
• Now I will go into prediction mode.

2016

• But what is actually likely?
  - Informal pressure
  - No ban will reach FOSS crypto
  - CALEA-like mandate
  - India/Australia/UK may do dumb things

It’s an election year...

• Trump
  - "Apple ought to give the security for that phone, OK. What I think you ought to do is boycott Apple until such a time as they give that security number. How do you like that? I just thought of it. Boycott Apple."

It’s an election year...

• Clinton
  - "It doesn't do anybody any good if terrorists can move toward encrypted communication that no law enforcement agency can break into before or after. There must be some way."

It’s not going to work this time any better than it did the last time.

[Image: GnuPG logo]

Questions?

Nate Cardozo
Senior Staff Attorney, EFF
nate@eff.org
@ncardozo